Executable XSS cheat sheets for popular web frameworks

Run a single Semgrep command to check your app for XSS

Pablo Estrada
January 21st, 2021

We’re big fans of the OWASP Cheat Sheet Series, one of the flagship OWASP projects. The series includes detailed information on all kinds of security issues and is an outstanding reference and educational tool.

We developed these cheat sheets to check for code patterns of potential XSS (cross-site scripting) in an application. Instead of scrutinizing code for exploitable vulnerabilities, the recommendations in these cheat sheets pave a safe road for developers, one that mitigates the possibility of XSS in your code. By following these recommendations, you can be reasonably sure your code is free of XSS. Each cheat sheet includes a single executable command to scan your code for XSS issues.
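To show what a "code pattern" check of this kind looks like in practice, here is an added illustrative Semgrep rule (not one of the cheat sheet rules, and not from the semgrep-rules repository). It flags any assignment of a non-literal value to a DOM `innerHTML` sink, a generic framework-independent XSS pattern chosen for this example; rather than proving the value is attacker-controlled, it simply steers developers toward `textContent` or a sanitizer. The rule id and message text are assumptions.

```yaml
rules:
  - id: example-innerhtml-non-literal
    languages: [javascript, typescript]
    severity: WARNING
    message: >
      Assigning a non-literal value to innerHTML may lead to XSS if the
      value contains user-controlled data. Prefer textContent for plain
      text, or sanitize the markup before inserting it.
    patterns:
      # Any assignment to the innerHTML property of an element
      - pattern: $EL.innerHTML = $VALUE
      # Constant markup that is fully under the developer's control is not flagged
      - pattern-not: $EL.innerHTML = "..."
      # Clearing an element is also harmless
      - pattern-not: $EL.innerHTML = ""
    metadata:
      category: security
      cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
```

Save it as `xss-innerhtml.yaml` and run `semgrep --config xss-innerhtml.yaml .` in the project root; matches are warnings to review, not confirmed vulnerabilities, which is the trade-off the pattern-based approach makes deliberately.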

Our first four cheat sheets scan these popular web app frameworks:

More background on XSS is available in the OWASP XSS Prevention Cheat Sheet.

If you’re interested in contributing your own Semgrep rules back to the community (for XSS or other issues), check out the semgrep-rules repository. And stay tuned for more cheat sheets like these!

About

Semgrep lets security teams partner with developers and shift left organically, without introducing friction. Semgrep gives security teams confidence that they are only surfacing true, actionable issues to developers, and makes it easy for developers to fix these issues in their existing environments.